Esxi & dmz

  • Esxi & dmz

    I'm trying to set up a DMZ on a new ESXi farm but I'm getting seriously confused with all the info I've read, as it all seems to contradict. Some people are saying that it's OK to put the DMZ in the same vSwitch as the Management network but on a different VLAN, & some people are saying it should not be done.

    Also, is the service console part of the management network?

    I'm running ESXi 5.1

  • #2
    Re: Esxi & dmz

    This will depend on the uplink NICs you want to use for your DMZ network relative to your management network.

    If you want each network to use dedicated uplink NICs then a separate vSwitch would be the way to go.

    As you're using ESXi you don't have Service Console ports, instead you have VMkernel ports that are enabled for management traffic.
    VCP2 / VCP3 / VCP4 / VCP 5 / VCAP-DCA4 / VCI / vExpert 2010-2012


    • #3
      Re: Esxi & dmz

      Agree entirely with Scott on this one.

      We have a dedicated NIC on each server that is connected to a VLAN that is our DMZ.

      Have a read through this



      • #4
        Re: Esxi & dmz

        I thought this was the way to go but I have a bad feeling I can't add any more NICs to my server. I have a PCIe expansion card with x4 extra & I'm unsure if this is the limit or not.

        Gonna have to check I think...

        Thanks for the advice


        • #5
          Re: Esxi & dmz

          We've always set up our esx hosts with separate physical nics for dmz, internal data, and storage network. We trunk the nics for the dmz vlans and data vlans but the storage network is a single vlan so the storage nics aren't trunked.

          As far as separating dmz and internal data, I'm getting the feeling that there has been a lot done in switch technology to make it safer as far as things like "vlan hopping" and maybe people leaning toward just using vlan separation for security and properly setup switches/firewall. I'm still on the fence however.
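
The choice discussed in this thread (dedicated uplink NICs per network versus VLAN-only separation on a shared vSwitch) can be audited from a host's vSwitch listing. The following is an added example, not code from any poster: it parses text in the layout of `esxcli network vswitch standard list`, using a constructed sample trimmed to the relevant fields, and assumes port groups can be classified by the hypothetical name patterns `dmz` and `management`.

```python
import re

# Constructed sample in the layout printed by `esxcli network vswitch standard list`,
# trimmed to the fields used here (vmnic numbers and port group names are made up).
SAMPLE = """\
vSwitch0
   Name: vSwitch0
   Uplinks: vmnic0, vmnic1
   Portgroups: Management Network, DMZ-Web
vSwitch1
   Name: vSwitch1
   Uplinks: vmnic2
   Portgroups: DMZ-Mail
vSwitch2
   Name: vSwitch2
   Uplinks: vmnic3
   Portgroups: Internal-Data
"""

def parse_vswitches(text):
    """Return {vswitch_name: {"uplinks": [...], "portgroups": [...]}}."""
    switches, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line starts a new vSwitch
            current = switches.setdefault(line.strip(), {"uplinks": [], "portgroups": []})
            continue
        key, _, value = line.strip().partition(":")
        items = [v.strip() for v in value.split(",") if v.strip()]
        if current is not None and key in ("Uplinks", "Portgroups"):
            current[key.lower()] = items
    return switches

def dmz_shares_management(switches, dmz_pat=r"dmz", mgmt_pat=r"management"):
    """List vSwitches whose uplinks carry both DMZ and management port groups.
    Classification by name pattern is an assumption of this example."""
    findings = []
    for name, sw in switches.items():
        dmz = [p for p in sw["portgroups"] if re.search(dmz_pat, p, re.I)]
        mgmt = [p for p in sw["portgroups"] if re.search(mgmt_pat, p, re.I)]
        if dmz and mgmt:
            findings.append((name, dmz, mgmt, sw["uplinks"]))
    return findings

if __name__ == "__main__":
    for name, dmz, mgmt, uplinks in dmz_shares_management(parse_vswitches(SAMPLE)):
        print(f"{name}: {dmz} and {mgmt} share uplinks {uplinks}; isolation is VLAN-only")
```

A vSwitch reported here relies on VLAN tagging alone to keep DMZ traffic away from the management VMkernel port; one that is not reported has its DMZ port groups on their own uplinks.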